How to Share Documents in the Cloud, Securely
The mobile-device revolution and proliferation of image-fat documents have led millions of workers to use consumer cloud-based services that make it easy to access files from any device and get them onto the screens of coworkers, partners and clients.
But all the high-flying documents stashed in free services such as Dropbox and SugarSync are becoming a concern to many companies. Customer information and trade secrets are sitting in servers outside managers' control -- often without their knowledge. It's sort of like oil spilling into the Gulf of Mexico, says Michael Suby, vice president of research at New York City-based Frost & Sullivan. "If you don't plug the holes that tap the well, you're not being responsible."
The problem is destined to grow as cloud file storage and sharing go more mainstream, experts say. The major Internet giants are all pushing into the market. Last week, Google announced a service dubbed Drive. Microsoft already has SkyDrive, and Apple has iCloud.
Related: Why Google Drive Won't Be a Dropbox Killer
But alternatives with more security and business-like features are readily available. Dropbox and SugarSync are expanding their offerings to provide low-cost, if basic, business versions that provide some additional controls. And a growing list of companies offer more sophisticated and secure services for business users, among them Accellion, Box, CX.com, Egnyte's HybridCloud, Oxygen Cloud, Wuala and YouSendIt. While some offer free starter accounts, paid services range from $15 to $500 a month or more, depending on the number of users and amount of data storage needed.
Jim Andersen, president of Foundation Management Associates, a financial consultancy to charitable organizations, stopped using Dropbox a year ago after two troubling incidents. First, an employee at a Haitian hospital client accidentally deleted a year of financial records from its computers, and Andersen's, with a single keystroke. Then, he almost lost a large new client because a state government it was tied to had blacklisted Dropbox.
Andersen switched to Citrix's ShareFile, which lets him bar clients from deleting files and allayed the state government's security worries. Meanwhile, ShareFile provided a branded portal that boosted his credibility with clients, he says. "I've built my business around it."
Dropbox said Andersen could have recovered his files using the service's version history or Pack-Rat features and that many small businesses successfully use its Teams product.
Related: New Dropbox Service Is Tailored for Business Teams
Figuring out which service to use can be tricky. With many startups in the mix, consider who has staying power and guarantees a high level of availability of your data. Ease-of-use is paramount to success with your employees, as are features that fit the way they work. You also may want special features for your industry or an option for your IT department to do customization.
It's easy to switch providers, says Guy Creese an analyst at Stamford, Conn.-based technology research firm Gartner. Check security and privacy practices, list the features you need most and go with the service that matches your needs most closely. Here are four key security considerations as you explore the options:
All credible services encrypt data while it travels through the Internet and sits in data centers. They also have vital security systems to keep hackers out and are audited by third parties to confirm they're up to snuff.
Because tablets and smartphones are easily lost, stolen or accessed by an unauthorized person, check the steps a service has taken to protect data temporarily stored, or "cached," in employees' devices. For example, YouSendIt encrypts cached files on mobile devices, and ShareFile lets you remotely wipe its apps from missing devices, along with all log-in information and cached files.
2. User authentication
Businesses need control over user accounts so that ex-employees no longer have access to company information. Look for a service that lets an administrator manage accounts and define which users can read, edit and delete which files and folders. Also, look for such security features as the ability to set passwords for individual files and to wipe cached data in mobile devices if someone repeatedly fails to enter the right password.
3. Audit trails
Consider selecting a service that keeps detailed logs of which employees downloaded, uploaded and shared which files with whom and when. The information will give you better visibility into your operations. And if you should have a security breach, it can help you figure out what happened.
4. Subpoena protection
Documents stored with a cloud provider can be subpoenaed by the government and other parties, and may be turned over without your consent. If you find this prospect troubling, two services offer special protection.
Oxygen Cloud provides a two-part system that lets companies store files behind their own firewalls, while users access them on any device through a cloud-based user dashboard. You respond to any subpoenas.
Related: Three Reasons Apple's iCloud Isn't Ready for Business
Waula, a unit of Zurich-based LaCie AG, takes another approach. First, it encrypts files on your computer, so not even Waula can read them. (Steganos Software's Elefile does this, too, and CX is building this capability.)
Then, Wuala breaks the encrypted files into chunks and creates redundant fragments that it stores in scattered locations. All of its data centers are in Germany, Switzerland and France, where privacy regulations are stricter than in the U.S.
Riva Richmond is a freelance journalist who has covered technology for more than a decade. She focuses on computer security, privacy, social networking and online business and has written for The New York Times, The Wall Street Journal and other national publications. Previously, Riva was a technology reporter at Dow Jones Newswires and regular contributor to The Journal's "Enterprise" small business column.